[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: access log for OpenLDAP



Hello,

Sebastian Moeller <Sebastian_Moeller@web.de> writes:

> hi all,
>
> I'm looking for some kind of an access log for OpenLDAP, especially
> for "mod"(-ify) access.
> The log-level directive in slapd.conf only allows to log _all_ access
> (read, search, modify...). Ok, loglevel 256 is close to what I'm
> looking for, but I don't need these megabytes of information with an
> very fast increasing log.
> I just want to log the modify events with the dn and/or an IP.
>
> I think that this is not an unusual requirement. Any suggestions for
> my problem? How would you manage an openLDAP-server where many people
> have read/write access? The admin just wants to let the users know,
> that they shouldn't play around with the directory, because he can see
> who deleted some entries (for example).

You probably want to make use of the monitor backend.
ldapsearch -b "cn=Modify,cn=Completed,cn=Operations,cn=Monitor"
At least that will give you a hint, wether modifications have been
taken place. And the searchbase 'cn=connections,cn=monitor" will show
you all connections.

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de